# vulhub-compose **Repository Path**: HXSecurity/vulhub-compose ## Basic Information - **Project Name**: vulhub-compose - **Description**: vulhub-compose是一款屏蔽docker-compose的命令行工具,目的是降低火线平台社区用户使用vulhub靶场的难度,减少学习docker-compose的时间成本;同时,支持直接安装洞态IAST(原灵芝IAST)到vulhub靶场,用于漏洞复现、漏洞挖掘。 - **Primary Language**: Python - **License**: MIT - **Default Branch**: main - **Homepage**: None - **GVP Project**: No ## Statistics - **Stars**: 6 - **Forks**: 0 - **Created**: 2021-08-24 - **Last Updated**: 2025-05-23 ## Categories & Tags **Categories**: docker-related **Tags**: IAST, DongTai ## README # vulhub-compose [![license](https://img.shields.io/github/license/huoxianclub/vulhub-compose.svg)](https://github.com/huoxianclub/vulhub-compose/blob/main/LICENSE) [![build](https://github.com/huoxianclub/vulhub-compose/actions/workflows/python-publish.yml/badge.svg)](https://github.com/huoxianclub/vulhub-compose/actions/workflows/python-publish.yml) `vulhub-cli` is a command line tool of the vulhub project, which makes the operation of `docker-compose` transparent and reduces the difficulty of using the vulhub shooting range. Vulhub-cli supports local mode and remote mode. The remote mode can directly start the related shooting range without downloading the complete vulhub project, which is more convenient to use. [中文文档](https://github.com/huoxianclub/vulhub-compose/blob/main/README.zh-ch.md) ## Quick start If you want to download the vulhub project or have already downloaded the vulhub project, you can directly use the local mode; if you don’t want to download, you can use the remote mode #### download vulhub-cli ```shell script $ pip install vulhub-cli ``` #### local mode ```shell script # Specify relative path $ vulhub-cli local start --app fastjson/1.2.24-rce $ vulhub-cli local start --app ./fastjson/1.2.24-rce # Specify absolute path $ vulhub-cli local start --app /opt/vulhub/fastjson/1.2.24-rce # Stop environment use vulhub-cli $ vulhub-cli local stop --app fastjson/1.2.24-rce # Stop environment with agent use vulhub-cli $ vulhub-cli local stop --app fastjson/1.2.24-rce ``` #### remote mode ```shell script # Specify vulhub app's name, eg: fastjson/1.2.24-rce $ vulhub-cli remote start --app fastjson/1.2.24-rce # Stop environment with agent use vulhub-cli $ vulhub-cli remote stop --app fastjson/1.2.24-rce ``` ## Plugin System `vulhub-cli` provides plug-in functions, which can support custom plug-ins to achieve specific functions. ### Plugin: dongtai Lingzhi IAST is an interactive application security testing tool independently developed by [FireWire platform](https://www.huoxian.cn/) to detect vulnerabilities in application systems; dongtai IAST supports the detection of some 0 Day vulnerabilities. Now, you can use the vulhub-cli tool to quickly create a shooting range and install dongtai IAST to experience the vulnerability detection function. #### Usage The startup method is the same as the normal startup method, just add the `plugin` parameter to specify the use of the `dongtai` plugin. ```shell script # Start the vulhub's app with public Lingzhi IAST agent $ vulhub-cli remote start --app fastjson/1.2.24-rce --plugin dongtai # Start the vulhub's app with your own Lingzhi IAST agent $ vulhub-cli remote start --app fastjson/1.2.24-rce --plugin dongtai --plugin-args "token=" # Stop the vulhub's app with Lingzhi IAST $ vulhub-cli remote stop --app fastjson/1.2.24-rce --plugin dongtai ```